Email spammers bombarding site, possibly using an automated contact form

Posted: Fri Nov 22, 2019 11:41 am
by Kotsolis
Hi all,

For the last weeks there are email spammers bombarding my website. It looks like they are using an automated contact form. They spam for 2-3 days at least. Today I woke up and found +1000 spam emails! I have a big website.

But I had one contact form which I think is disabled. I double checked all menus, both header and footer, and didn't find a contact form.

Check one of the spam emails:
This is an enquiry email via https://(mysiteishere).com/ from:
qseaguu <mille.ci@live.no>

Se flere nakenbilder med meg ved å klikke her - https://siteofthespammer.com
So someone tell me how to double check and disable any contact forms or do any sort of thing to prevent these spammers. This is killing my job time right now! 1000 emails per day? That's too much. And I can't even find their IP as they seem to use a form.

Re: Getting bombarded with spam emails via Joomla

Posted: Fri Nov 22, 2019 2:02 pm
by Jheroen
Hello, check the contact component and see if there are any contacts in use; if so, and you want to use them, install recaptcha in the website. If you don't use them, unpublish them or just delete them.
If you have a form using a form extension you should check that extension.
If you have any extension active that can be abused by spammers (virtuemart) check those.

Re: Getting bombarded with spam emails via Joomla

Posted: Fri Nov 22, 2019 7:04 pm
by sozzled
Kotsolis wrote:
Fri Nov 22, 2019 11:41 am
For the last weeks there are email spammers bombarding my website. It looks like they are using [some automated script. Can] someone tell me how to double check and disable any contact forms or do any sort of thing to prevent these spammers. This is killing my job time right now!
There are many topics on this forum that discuss this question. For example, two recent topics here. Generally speaking, CAPTCHA is ineffective in reducing the level of contact form abuse because of the number of automated scripts that bypass CAPTCHA.

Furthermore, attempting to identify the possible source of these attacks by using IP addresses is futile—it's like playing whack-a-mole. As soon as you find one IP address, a dozen more attacks from different IP addresses will happen.

Kotsolis wrote:
Fri Nov 22, 2019 11:41 am
I had one contact form which I think Is disabled. I double checked all menus, both header and footer, and didn't find a contact form.
You will need to triple check everything. Menus (including trashed menus) as well as third-party extensions. "Disabling" things doesn't always work; you may need to uninstall third-party extensions and/or empty the menu trash. If you are unsure what you have installed, please use the Forum Post Assistant reporting tool and post the results here.

Re: Getting bombarded with spam emails via Joomla

Posted: Sat Nov 23, 2019 11:55 am
by Kotsolis
Why do you keep redirecting users to other topics instead of replying here?
What difference does it make?
If those topics have the same subject then merge the topics and provide solution!
I received another 900 emails since yesterday!

Re: Getting bombarded with spam emails via Joomla

Posted: Sat Nov 23, 2019 4:01 pm
by sozzled
Kotsolis wrote:
Fri Nov 22, 2019 11:41 am
For the last weeks there are email spammers bombarding my website. It looks like they are using an automated contact form. They spam for 2-3 days at least. Today I woke up and found +1000 spam emails! I have a big website
Kotsolis wrote:
Sat Nov 23, 2019 11:55 am
I received another 900 emails since yesterday!
This is all that you have told us about your website!

I do not know if your website uses Joomla or not. I do not know any details about your website. I may be a professional website consultant but I am not the expert who knows everything, especially everything concerning your website. So, can we please begin again and can you provide us with all the details about your website and maybe we can help you find out how you are getting all this spam. OK?

This forum is a self-help resource; we will try our best to assist you but you have to help us, too.

Re: Getting bombarded with spam emails via Joomla

Posted: Sun Nov 24, 2019 7:41 pm
by sozzled
@Kotsolis: thank you for your PM but I cannot reply to you via PM because of your account settings. I would recommend that you obtain help from a professional website consultant in order to address your problems. Updating your website software would be a step in the right direction. Good luck.

Re: Getting bombarded with spam emails via Joomla

Posted: Mon Nov 25, 2019 9:16 am
by darb
Kotsolis wrote: ↑
Fri Nov 22, 2019 11:41 am
For the last weeks there are email spammers bombarding my website. It looks like they are using an automated contact form. They spam for 2-3 days at least. Today I woke up and found +1000 spam emails! I have a big website

Kotsolis wrote: ↑
Sat Nov 23, 2019 11:55 am
I received another 900 emails since yesterday!
Did you post the FPA here so people "really" can help you, or what do you expect from these replies when nice people here help you for free without any necessary data and info from your side? :pop

Re: Getting bombarded with spam emails via Joomla

Posted: Mon Nov 25, 2019 10:14 am
by sozzled
@darb (and anyone else who asks @Kotsolis to post the FPA report in public): @Kotsolis informed me, by PM, that they do not wish to post the FPA report on the forum, in public. That is entirely their right to do this (even if it means that we may not be able to assist them with their problem). So, for your own benefit, please do not insist that @Kotsolis should post the FPA report, in public, on this forum (unless they change their mind). 8)

Re: Getting bombarded with spam emails via Joomla

Posted: Mon Nov 25, 2019 12:04 pm
by Kotsolis
1) I have Joomla 3.8.2. If this is a known bug in that release and it's fixed in the newest, then please send me a link to confirm. I have JomSocial and Kunena installed.

2) Check the image that I attach. What do you think? Is this a kind of form or something or just random spam emails? Can anyone think of a component or module?
mass-spam.jpg
3) OK, it looks like in some emails the IP is shown.
IPs are from Russia. They send massive spam in Scandinavian language.

4) Finally what is the FPA?

Re: Getting bombarded with spam emails via Joomla

Posted: Mon Nov 25, 2019 12:14 pm
by darb
Yes there should be more info menu links and directions what FPA is and how to find it https://forumpostassistant.github.io/docs/

Re: Getting bombarded with spam emails via Joomla

Posted: Mon Nov 25, 2019 12:27 pm
by mandville
Kotsolis wrote:
Mon Nov 25, 2019 12:04 pm
1)I have Joomla 3.8.2 .
then you should have updated your gaming site ages ago. not just (unrelated) bugs but security fixes since then.
If this is a known bug on that release and it's fix on the newest, then please send me a link to confirm.
it is not a known bug, it is an ADMINISTRATOR failure. your latest release of joomla available at posting.php?mode=quote&f=714&p=3587213# along with your other outdated scripts.
2)Check the image that I attach. What do you think? Is this a kind of form or something or just random spam emails? Can anyone think of a component or module?
no, if you check your email you will find a very obvious message telling you just how you have been spammed. along with many of the topics on this subject that you could so easily have found using search try this one. viewtopic.php?t=960240
seeing as your site has a list of contacts, then be a good administrator and along with updating your entire site, switch off the default contact form.
3)Ok it looks like that in some emails the Ip is shown.
Ips are from Russia. They send massive spam in Scandinavian language.
Ips are irrelevant.
I find it very hard to believe that someone who has been around as long as you has not heard of the FPA or the forum post assistant that is very clearly highlighted in each forum. i suppose you never heard of the VEL either?

Note: i am not asking you to post the FPA, your site info was found by using the forum search tool and not any other back door system

Re: Getting bombarded with spam emails via Joomla

Posted: Tue Nov 26, 2019 1:08 am
by toivo
darb wrote:Yes there should be more info menu links and directions what FPA is and how to find it
BTW, the link to Forum Post Assistant / FPA can be found at the top of every topic and every forum. Visitors probably automatically ignore the banner, even if it looks different from an advertisement. What can we do, perhaps animate the banner?

Re: Getting bombarded with spam emails via Joomla

Posted: Tue Nov 26, 2019 1:43 am
by sozzled
:-\ While the panel discussion about raising the prominence of the FPA link may be of interest to some people, it's completely off-topic as far as addressing the "getting bombarded with spam emails via Joomla" issue is concerned. There are other places on the forum where discussions about raising the awareness of the FPA link(s) have been posted and I would ask that people confine their comments about the FPA to those places, please.

Let's not hijack the purpose of this thread for those other matters, OK?

Re: Getting bombarded with spam emails via Joomla

Posted: Fri Nov 29, 2019 6:39 pm
by leolam
Somebody read about spoofing? If you want clear answers you should post "all headers" without blackening the email addresses. Example auto-replies are important sources with the "in response to" email addresses etc etc

Don't post these kinds of requests if you are not able to provide proper information

Leo 8)

Re: Getting bombarded with spam emails via Joomla

Posted: Fri Nov 29, 2019 7:48 pm
by mandville
In case you missed the really helpful advice in this topic and in the email i sent from your contact form, here is a screenshot to really really help you and others being "bombarded with spam due to an exploit in joomla"
waste.jpg

Re: Getting bombarded with spam emails via Joomla

Posted: Mon Dec 02, 2019 6:27 pm
by Kotsolis
mandville wrote:
Mon Mar 19, 2018 7:38 pm
giovannino wrote:Hello, I got same issue with 3.7.3
then you are using an out of date vulnerable version of joomla.
Did you fix it or not ?
there is nothing for the developers of joomla to fix, the fix is with the administrators of the website that uses joomla .
Is it only sent to administrator ? It's the only user as far now. Thanks
well i think you will find its actually sent to the email address listed for the the administrator or the reply to address for the website.

see the answers and suggestions above for how to get you to sort your site out.
I am using an "outdated version of Joomla"? I have just upgraded to the latest version, 3.9.13.
Still the same issue! Look at the screenshot. I have 1 email per 2 minutes!
emails-bomb.jpg
And for this upgrade I paid a developer, because I have lots of custom stuff. Money gone for nothing!

About the last comment, I have completely disabled any contact form (I assume that this appears in site.com/contact) so I can't find how the spammer is abusing me.

Re: Getting bombarded with spam emails via Joomla

Posted: Mon Dec 02, 2019 6:33 pm
by sozzled
Kotsolis wrote:
Mon Dec 02, 2019 6:27 pm
... I can't find how the spammer is abusing me.
Neither can we.

See also
darb wrote:
Mon Nov 25, 2019 12:14 pm
[Information about the FPA] how to find [and use] it https://forumpostassistant.github.io/docs/

Re: Getting bombarded with spam emails via Joomla

Posted: Mon Dec 02, 2019 7:30 pm
by darb
Have you done an online virus scan of your web site and a virus scan for trojans of your computer, especially your ftp programme? And only use correct no warez Joomla extensions?

Re: Getting bombarded with spam emails via Joomla

Posted: Mon Dec 02, 2019 7:38 pm
by mandville
In view of the PM you sent me (note I do state not to send unsolicited PMs)
I will post the contents here.
Hello, as I don't want to reveal my website in the public forum topic, here you go:
[Redacted]
I give no contact forms to no one. How do they spam me? Please help because I upgraded to the latest version and I have 800 spam emails per day!
I actually visited your site prior to the PM and took a screen grab of your contact form as shown in the image and marked on it the big arrows. I even sent you a message from the contact form I found.
Yesterday the form was still live.
I and many others have provided you the solution, oh you don't even have captcha on that form AND I hope your contact form email is NOT the one you use of your whois information.

Re: Getting bombarded with spam emails via Joomla

Posted: Mon Dec 02, 2019 9:29 pm
by waarnemer
well, pretty obvious...
When abusing your form.. this scenario is the most likely...

A "bot" specialized in completing default joomla forms can easily fill out all that is needed.
In order to send the spam, the "bot" fills out the form with the "do send me a copy email" checked (this has been mentioned before...) the do send me copy makes sure the message goes somewhere. (the one you see as the person sending the inquiry)
Your administrator account will receive the inquiry too of course... the email you see in your box

How that can happen even when using your (re)captcha?
A bot specialized in joomla forms will probably also know the kind of (re)captcha you are using.
The google (re)captchas tend to get beaten by the bots every now and then. They just hold a list of the gazillion of images with the clicking order on selecting bicycles, motors, buses, windmills... Or they cracked your hidden captcha code already... some even abuse the spoken text of visual captchas...
The hidden captchas can be good and can be bad... depends on your installed plugin of choice.
Do experiment: I like hashcash by Michael Richey as till now nothing passed through it I did not want to.
The best hidden captchas are the ones that are not dependent of third parties like Google...
The best are the ones that hold the answer to a riddle only your server knows the answer to..

If you know your PHP it would also be very easy to add some logging to the code of your (re)captcha... I do... you can then use a tool like fail2ban to block certain IP addresses... they would not even be able to access your site after.. ;)
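
The "riddle only your server knows" idea and the logging step described in the post above, as an added example that is not code from this thread or from any Joomla plugin (Python is used here instead of PHP so the logic runs on its own). The field names `form_token` and `website`, the thresholds and the log line format are assumptions, and the sample IP comes from a documentation range.

```python
import hashlib
import hmac
import secrets
import time

SECRET = secrets.token_bytes(32)  # assumed per-site secret, never sent to the browser
MIN_FILL_SECONDS = 3              # assumed threshold: faster than this is a script
MAX_AGE_SECONDS = 3600            # assumed token lifetime
_used_nonces = set()              # in-memory replay cache (a real site would persist it)


def _mac(ts, nonce):
    return hmac.new(SECRET, f"{ts}:{nonce}".encode(), hashlib.sha256).hexdigest()


def issue_token(now=None):
    """Value for a hidden form field: 'timestamp:nonce:mac'."""
    ts = int(time.time() if now is None else now)
    nonce = secrets.token_hex(8)
    return f"{ts}:{nonce}:{_mac(ts, nonce)}"


def check_submission(form, client_ip, now=None):
    """Return (accepted, log_line); log_line is None when accepted."""
    now = int(time.time() if now is None else now)
    parts = form.get("form_token", "").split(":")
    if form.get("website"):  # honeypot: hidden by CSS, so only bots fill it
        reason = "honeypot-filled"
    elif len(parts) != 3:
        reason = "token-missing"
    elif not hmac.compare_digest(_mac(parts[0], parts[1]).encode(), parts[2].encode()):
        reason = "token-forged"
    elif parts[1] in _used_nonces:
        reason = "token-replayed"
    elif now - int(parts[0]) < MIN_FILL_SECONDS:
        reason = "too-fast"
    elif now - int(parts[0]) > MAX_AGE_SECONDS:
        reason = "token-expired"
    else:
        _used_nonces.add(parts[1])
        return True, None
    # One line per rejection, with the client IP, so a log watcher can act on it.
    return False, f"contact-form reject reason={reason} ip={client_ip}"
```

Each rejection line carries the reason and the client IP in a fixed layout, which is the kind of line a fail2ban filter written for it could match.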

Re: Getting bombarded with spam emails via Joomla

Posted: Tue Dec 03, 2019 12:21 pm
by Kotsolis
I have tried to install FPA in Joomla latest version (both .zip and tar.gz files) but I get an error.

Warning
JInstaller: :Install: Can't find XML setup file.

Error
Unable to find install package

Re: Getting bombarded with spam emails via Joomla

Posted: Tue Dec 03, 2019 12:36 pm
by waarnemer
you don't have to..
just unpack the download from github and drop it in the root of your site folder using FTP.

just follow instructions.. https://forumpostassistant.github.io/docs/ step 1 to 6

Re: Email spammers bombarding site, possibly using an automated contact form

Posted: Tue Mar 31, 2020 7:51 am
by aprilgabrielle
Hello.. I used to get flooded with spam emails too until I set up a box trapper via cpanel and it works wonderfully .. you will just need to set it up and I use the spam filter. But if it's a person they need to reply and be approved and if you know of a company that is legit you can insert their email extension into setup. But, I'm going to check these other ideas too.

Re: Email spammers bombarding site, possibly using an automated contact form

Posted: Wed Jul 29, 2020 12:57 pm
by kernelstackdump
Happened to me too... I tried to suspend the site using WHM.. but I still receive the mail